9#ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
10#define SQUID_SRC_SECURITY_PEEROPTIONS_H
/// Parse a TLS squid.conf option. Declared virtual, so the call is
/// dispatched to the dynamic type of the options object.
36 virtual void parse(
const char *);
/// Write the stored settings to the given stream in squid.conf syntax,
/// using pfx as the prefix on parameter names. Const: does not modify
/// the options object.
72 virtual void dumpCfg(std::ostream &,
const char *pfx)
const;
113 debugs(83, 5,
"SSL_CTX construct, this=" << (
void*)ctx);
115 debugs(83, 5,
"SSL_CTX destruct, this=" << (
void*)p);
119 debugs(83, 5,
"gnutls_certificate_credentials construct, this=" << (
void*)ctx);
121 debugs(83, 5,
"gnutls_certificate_credentials destruct, this=" << (
void*)p);
122 gnutls_certificate_free_credentials(p);
// The argument x is not used: this macro always calls clear() on the object
// returned by Security::ProxyOutgoingConfig(), whatever is passed in.
// NOTE(review): presumably a squid.conf free_ handler for the securePeerOptions
// type - confirm against the config parser.
170#define free_securePeerOptions(x) Security::ProxyOutgoingConfig().clear()
// Builds a PackableStream on *(e), writes the name n, then the settings of x
// via dumpCfg() with an empty prefix, then a newline. The do { } while (false)
// wrapper makes the expansion behave as a single statement.
171#define dump_securePeerOptions(e,n,x) do { PackableStream os_(*(e)); os_ << n; (x).dumpCfg(os_,""); os_ << '\n'; } while (false)
void parse_securePeerOptions(Security::PeerOptions *)
A combination of PeerOptions and the corresponding Context.
FuturePeerContext(PeerOptions &o, const ContextPointer &c)
const ContextPointer & raw
TLS context configured using options.
PeerOptions & options
TLS context configuration.
TLS squid.conf settings for a remote server peer.
void updateContextCrl(Security::ContextPointer &)
set up the CRL details for the given context
std::list< SBuf > caFiles
paths of files containing trusted Certificate Authority (CA) certificates
ParsedPortFlags parseFlags()
SBuf crlFile
path of the file containing the Certificate Revocation List (CRL)
PeerOptions(const PeerOptions &)=default
Security::ContextPointer createClientContext(bool setOptions)
generate a security client-context from these configured options
Security::CertRevokeList parsedCrl
CRL to use when verifying the remote end certificate.
ParsedPortFlags parsedFlags
parsed value of sslFlags
virtual void parse(const char *)
parse a TLS squid.conf option
virtual void clear()
reset the configuration details to default
bool optsReparse
whether parsedOptions content needs to be regenerated
SBuf sslFlags
flags defining what TLS operations Squid performs
Security::ContextPointer convertContextFromRawPtr(T ctx) const
SBuf sslOptions
library-specific options string
PeerOptions & operator=(const PeerOptions &)=default
Security::ParsedOptions parsedOptions
struct Security::PeerOptions::flags_ flags
void updateContextCa(Security::ContextPointer &)
set up the CA details for the given context
void updateContextOptions(Security::ContextPointer &)
Set up the library-specific 'options=' parameters for the given context.
SBuf caDir
path of directory containing a set of trusted Certificate Authorities
void updateTlsVersionLimits()
sync the context options with tls-min-version=N configuration
virtual void dumpCfg(std::ostream &, const char *pfx) const
output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
PeerOptions(PeerOptions &&)=default
SBuf tlsMinVersion
version label for minimum TLS version to permit
void updateContextTrust(Security::ContextPointer &)
decide which CAs to trust
void parseOptions()
parse and verify the [tls-]options= string in sslOptions
void updateContextNpn(Security::ContextPointer &)
set up the NPN (Next Protocol Negotiation) extension details for the given context
std::list< Security::KeyData > certs
details from the cert= and file= config parameters
virtual Security::ContextPointer createBlankContext() const
generate an unset security context object
void updateSessionOptions(Security::SessionPointer &)
set up any library-specific options that can be set for the given session
bool encryptTransport
whether transport encryption (TLS/SSL) is to be used on connections to the peer
#define debugs(SECTION, LEVEL, CONTENT)
Network/connection security abstraction layer.
std::shared_ptr< SSL_CTX > ContextPointer
std::shared_ptr< SSL > SessionPointer
std::list< Security::CrlPointer > CertRevokeList
PeerOptions & ProxyOutgoingConfig()
configuration options for DIRECT server access
flags governing Squid internal TLS operations
YesNoNone tlsDefaultCa
whether to use the system default trusted CAs when verifying the remote end's certificate
flags_(const flags_ &)=default
flags_ & operator=(const flags_ &)=default
bool tlsNpn
whether to use the TLS NPN extension on these connections